US11748491B1ActiveUtility

Determining platform-specific end-to-end security vulnerabilities for a software application via a graphical user interface (GUI) systems and methods

92
Assignee: CITIBANK NAPriority: Jan 19, 2023Filed: Jan 19, 2023Granted: Sep 5, 2023
Est. expiryJan 19, 2043(~16.5 yrs left)· nominal 20-yr term from priority
G06F 21/577G06F 21/552
92
PatentIndex Score
3
Cited by
22
References
18
Claims

Abstract

Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A system for determining platform-specific end-to-end security vulnerabilities for software applications via a graphical user interface (GUI), the system comprising:
 at least one processor; and 
 at least one memory coupled to the at least one processor and storing instructions that, when executed by the at least one processor, perform operations comprising:
 determining a platform associated with a software application, wherein the platform indicates an ecosystem of computing resources within which the software application executes; 
 using the determined platform associated with the software application, identifying a set of assessment-domains by comparing a platform identifier of the platform to an assessment-domain-mapping data structure, wherein the assessment-domain-mapping data structure indicates a mapping of one or more platform identifiers to one or more assessment-domains; 
 obtaining, from a third-party security entity, a set of security-vulnerability responses, wherein each response of the set of security-vulnerability responses indicate at least one security threat associated with a respective assessment domain; 
 assigning a threat value to each security-vulnerability response of the set of security-vulnerability responses by comparing a respective security-vulnerability response to a platform-specific policy, wherein the platform-specific policy includes a mapping of security-vulnerability responses to a predetermined respective threat level that is specific to one or more assessment-domains associated with a respective platform; 
 determining, an assessment-domain impact level for each assessment-domain of the set of assessment-domains related to the platform, by computing a weighted average of assigned threat values of the respective assessment-domain; and 
 generating for display at the GUI, a graphical layout indicating assessment-domain-specific impact levels, wherein the graphical layout includes a graphical representation of each assessment-domain of the set of assessment-domains and a graphical representation of the respective assessment-domain impact level. 
 
 
     
     
       2. The system of  claim 1 , wherein the instructions when executed by the at least one processor further perform operations comprising:
 determining a set of high-impact assessment domains responsive to a respective assessment-domain impact level of a respective assessment-domain exceeding a predetermined threshold value for the respective assessment-domain; and 
 updating the graphical layout indicating the assessment-domain-specific impact levels to only include a graphical representation of each high-impact assessment-domains of the set of high-impact assessment-domains and a graphical representation of the respective high-impact assessment-domain impact level. 
 
     
     
       3. The system of  claim 1 , wherein the instructions when executed by the at least one processor further perform operations comprising:
 determining, for each security-vulnerability response, a system protection mechanism corresponding to the respective security-vulnerability response; 
 determining, based on the system protection mechanism corresponding to a given security-vulnerability response, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and 
 determining a mitigated-assessment domain impact level for each assessment domain of the set of assessment domains related to the platform using the mitigated threat values. 
 
     
     
       4. The system of  claim 3 , wherein the mitigated-assessment domain impact level for each assessment domain of the set of assessment domains is further determined by:
 computing a weighted average of mitigated threat values with respect to a given assessment domain; and 
 determining the mitigated-assessment domain impact level for the given assessment domain based on the weighted average of mitigated threat values. 
 
     
     
       5. A computer-implemented method for determining platform-specific end-to-end security vulnerabilities for software platforms via a graphical user interface (GUI), the method comprising:
 identifying a set of computing aspects associated with a software platform using a computing-aspect-mapping structure, wherein the computing-aspect-mapping structure indicates a mapping of platforms to computing aspects involved with a processing of network operations; 
 obtaining, from a security entity, a set of security-vulnerability descriptions, wherein each description of the set of security-vulnerability descriptions indicate security threats associated with the platform; 
 determining a threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using a platform-specific policy, wherein the platform-specific policy indicates (i) security impact information related to security-vulnerability descriptions and (ii) a mapping of security-vulnerability descriptions to predetermined security threat values that are specific to one or more computing aspects associated with a respective platform; 
 determining a computing aspect impact level for each computing aspect of the set of computing aspects associated with the platform using the determined threat value for each security-vulnerability description; and 
 generating for display at a graphical user interface, a graphical layout indicating computing-aspect-specific impact levels, wherein the graphical layout comprises a graphical representation of each computing aspect impact level of each respective computing aspect of the set of computing aspects associated with the platform. 
 
     
     
       6. The method of  claim 5 , further comprising:
 determining a set of high-impact computing aspects responsive to a respective computing aspect impact level of a respective computing aspect exceeding a predetermined threshold value for the respective computing aspect; and 
 updating the graphical layout indicating the computing-aspect-specific impact levels to only include a graphical representation of each high-impact computing aspects of the set of high-impact computing aspects and a graphical representation of the respective high-impact computing aspect impact level. 
 
     
     
       7. The method of  claim 5 , further comprising:
 determining, for each security-vulnerability description, a system protection measure corresponding to a respective security-vulnerability description; 
 determining, based on the system protection measure corresponding to a given security-vulnerability description, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and 
 determining a mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects related to the platform using the mitigated threat values. 
 
     
     
       8. The method of  claim 7 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
 computing a weighted average of mitigated threat values with respect to a given computing aspect; and 
 determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted average of mitigated threat values. 
 
     
     
       9. The method of  claim 7 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
 computing a weighted sum of mitigated threat values with respect to a given computing aspect; and 
 determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted sum of mitigated threat values. 
 
     
     
       10. The method of  claim 5 , wherein determining the threat value of each security-vulnerability description of the set of security-vulnerability descriptions further comprises:
 applying a machine learning model to generate the threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using (i) platform-specific policy information and (ii) the set of security-vulnerability descriptions. 
 
     
     
       11. The method of  claim 5 , further comprising:
 applying a machine learning model to generate the computing-aspect-mapping structure using (i) information related to the software platform and (ii) third-party entity security vulnerability information, wherein the computing-aspect-mapping structure maps the security vulnerability information from the third-party entity to computing aspects associated with the software platform. 
 
     
     
       12. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors, cause operations comprising:
 identifying a set of computing aspects associated with a software platform using a computing-aspect-mapping structure, wherein the computing-aspect-mapping structure indicates a mapping of platforms to computing aspects involved with a processing of network operations; 
 obtaining, from a security entity, a set of security-vulnerability descriptions, wherein each description of the set of security-vulnerability descriptions indicate security threats associated with the platform; 
 determining a threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using a platform-specific policy, wherein the platform-specific policy indicates (i) security impact information related to security-vulnerability descriptions and (ii) a mapping of security-vulnerability descriptions to predetermined security threat values that are specific to one or more computing aspects associated with a respective platform; 
 determining a computing aspect impact level for each computing aspect of the set of computing aspects associated with the platform using the determined threat value for each security-vulnerability description; and 
 generating for display at a graphical user interface, a graphical layout indicating computing-aspect-specific impact levels, wherein the graphical layout comprises a graphical representation of each computing aspect impact level of each respective computing aspect of the set of computing aspects associated with the platform. 
 
     
     
       13. The media of  claim 12 , wherein the operations further comprise:
 determining a set of high-impact computing aspects responsive to a respective computing aspect impact level of a respective computing aspect exceeding a predetermined threshold value for the respective computing aspect; and 
 updating the graphical layout indicating the computing-aspect-specific impact levels to only include a graphical representation of each high-impact computing aspects of the set of high-impact computing aspects and a graphical representation of the respective high-impact computing aspect impact level. 
 
     
     
       14. The media of  claim 12 , wherein the operations further comprise:
 determining, for each security-vulnerability description, a system protection measure corresponding to a respective security-vulnerability response; 
 determining, based on the system protection measure corresponding to a given security-vulnerability description, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and 
 determining a mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects related to the platform using the mitigated threat values. 
 
     
     
       15. The media of  claim 14 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
 computing a weighted average of mitigated threat values with respect to a given computing aspect; and 
 determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted average of mitigated threat values. 
 
     
     
       16. The media of  claim 14 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
 computing a weighted sum of mitigated threat values with respect to a given computing aspect; and 
 determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted sum of mitigated threat values. 
 
     
     
       17. The media of  claim 12 , wherein determining the threat value of each security-vulnerability description of the set of security-vulnerability descriptions further comprises:
 applying a machine learning model to generate the threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using (i) platform-specific policy information and (ii) the set of security-vulnerability descriptions. 
 
     
     
       18. The media of  claim 12 , wherein the operations further comprise:
 applying a machine learning model to generate the computing-aspect-mapping structure using (i) information related to the software platform and (ii) third-party entity security vulnerability information, wherein the computing-aspect-mapping structure maps the security vulnerability information from the third-party entity to computing aspects associated with the software platform.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.